Deepanshu Yadav

Reputation: 115

Issue with cookie's SameSite attribute in Angular and .NET

I'm hosting an Angular app at the URL http://app.localhost,
where I am checking, setting and modifying an authentication-related cookie on initial page load and on the login and logout API calls.

The cookie's SameSite attribute has the value "Strict".

I'm also hosting a simple webpage at the URL http://127.0.0.1:5000.
It consists of an anchor tag which redirects to http://app.localhost.

So, when I load the page by entering the http://app.localhost URL in the browser, the cookie is being sent from the backend, which is expected.
But when I open the http://app.localhost page by clicking the anchor tag (link) present on the http://127.0.0.1:5000 page (i.e. opening the page through a redirect), the cookie is also being sent from the backend, which is not expected in the case of "SameSite: Strict".

Ref.:
https://stackoverflow.com/a/59995877/16760422
https://web.dev/articles/samesite-cookies-explained#use-samesite

Please correct me if I'm misunderstanding "SameSite: Strict".
And why is the cookie's behavior not as expected?

Upvotes: 0

Views: 27
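
An added example, not part of the original post: a simplified model of the SameSite decision a browser makes before attaching a cookie to an outgoing request, applied to the two origins in the question. The function names are hypothetical, the site computation skips the Public Suffix List, and only the request side is modelled (Set-Cookie headers in responses are not covered).

```javascript
// Added illustration: simplified model of the SameSite check a browser
// applies before attaching a cookie to an outgoing request.
// Assumption: no Public Suffix List lookup; the last label is treated as the
// public suffix, which is enough for the two hosts in the question.

function siteOf(url) {
  const u = new URL(url);
  const host = u.hostname; // port is not part of the site
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith('[');
  // An IP literal has no registrable domain: the whole host is the site.
  const registrable = isIp ? host : host.split('.').slice(-2).join('.');
  return `${u.protocol}//${registrable}`;
}

function isSameSite(req) {
  // A typed URL or bookmark has no initiating page and counts as same-site.
  if (req.initiator === null) return true;
  return siteOf(req.url) === siteOf(req.initiator);
}

function cookieAttached(sameSite, req) {
  if (isSameSite(req)) return true;
  switch (sameSite) {
    case 'Strict':
      return false; // never attached to a cross-site request
    case 'Lax':
      // Only top-level navigations with a safe HTTP method.
      return req.topLevelNavigation &&
        ['GET', 'HEAD', 'OPTIONS', 'TRACE'].includes(req.method);
    case 'None':
      return true; // browsers additionally require Secure to store it
    default:
      throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// Constructed requests matching the question's setup.
const typedUrl = { url: 'http://app.localhost/', initiator: null,
  topLevelNavigation: true, method: 'GET' };
const linkClick = { url: 'http://app.localhost/',
  initiator: 'http://127.0.0.1:5000/', topLevelNavigation: true, method: 'GET' };
const apiCall = { url: 'http://app.localhost/api/login',
  initiator: 'http://app.localhost/', topLevelNavigation: false, method: 'POST' };

for (const [name, req] of Object.entries({ typedUrl, linkClick, apiCall })) {
  console.log(name, 'Strict:', cookieAttached('Strict', req),
    'Lax:', cookieAttached('Lax', req));
}
```

To compare with a real browser, look at the Cookie header of the document request in the DevTools Network tab for each of the two ways of opening the page.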

Answers (0)
